Google’s “First Party Sets” runs into opposition at W3C group meeting; independent privacy entity promoted

Privacy Beat

Your weekly privacy news update.

Three browser makers and at least one major publisher are suggesting that Google’s latest effort to promote privacy on the web — First Party Sets (FPS) — might be scrapped because it doesn’t necessarily promote privacy — and may not comply with a British antitrust directive. However, the World Wide Web Consortium (W3C) “Privacy Community Group” could move to split off a related governance idea and move it forward independently.

Google has advanced FPS as a replacement — perhaps temporary — for the elimination of third-party cookies, which for two decades have allowed multiple websites to trade data and identity information — mostly for advertising targeting — without explicit end-user permission.

Engineers from competing browser makers Apple, Brave and Mozilla suggested before and during Thursday’s W3C online meeting (May 26) that it may be time for Google to shelve FPS (see MINUTES). Instead, at least two participants in the session — Don Marti of ad-tech vendor CafeMedia, and Aram Zucker-Scharff of The Washington Post — suggested carving out a portion of the FPS idea and continuing to work on it, even if FPS itself is withdrawn by Google or shelved by the group’s co-chairs. That portion is something advanced by Google — an “independent enforcement entity” (IEE) — which would in some way govern privacy-protecting means of data transfer between sites. (ITEGA, a 501(c)3 nonprofit organization that sponsors this newsletter, has expressed interest in taking such a role. See earlier story.)

“One of what appears to me to be [the] most constructive parts of this proposal is the independent enforcement entity, which is some kind of a future governance body that’s capable of evaluating first-party sets and approving sets that are valid — and able to reject sets that are not valid,” said Marti, of CafeMedia. Marti said he would be more comfortable with Google’s FPS idea “if we knew about how the IEE works, its level of resources, guarantee of independence and the skills that are going to be represented there.”

British ad-tech executive James Rosewell, a perennial critic of Google’s post-cookie initiatives and initiator of an FPS modification called GDPR Validating Sets 2, said FPS does not align with European privacy law, the General Data Protection Regulation (GDPR). He commented in an email sent to the Privacy CG co-chairs and placed into the minutes by Apple’s O’Connor. Rosewell himself was not present. Rosewell’s email asserts Google promised British antitrust regulators that it would “align its browser development globally to GDPR. FPS does not align to GDPR.”

Key Safari browser privacy engineer John Wilander of Apple first raised pre-meeting criticism of Google’s FPS initiative in an exchange on a group listserv earlier this week. “We are against cross-site cookie access by default in all of its forms, FPS or other,” said Wilander, speaking for Apple engineers, adding, “FPS has the risk of hiding relationships between websites which would otherwise have to be more explicit and potentially understood by users.”

“So far, in the lifetime of this (W3C) group, I think what we’ve tried to do is focus the group’s limited time on things that seem to have more consensus than this does,” observed Theresa O’Connor, of Apple, one of three co-chairs of the Privacy Community Group that was meeting. The other browser-maker co-chairs are Pete Snyder, of Brave Software, and Erik Anderson, of Microsoft. Microsoft was silent on Thursday, but Snyder opened the discussion of First Party Sets, saying he believed FPS would be “privacy harming” and therefore shouldn’t be under consideration by the Privacy Community Group.

Speaking for Google, Kaustubha Govind, engineering manager for Google’s Chrome privacy initiatives, said Google’s FPS proposal is intended to be a bridge between the end of third-party cookies and whatever else the web community eventually arrives at to foster digital advertising and identity. “The intention was primarily to deal with the incompatibility that most major browsers are facing with respect to third-party cookie deprecation,” she said. “Why don’t we all use the same list” (of trustworthy sites), she asked. FPS was designed to “break tracking, but keep non-tracking site compatibility working for the most part now.” She added: “What we really want to break is exchange of information flows that happens across websites that are not owned by the same organization.”

The Privacy Community Group should either stop consideration of FPS entirely, focus on useful parts of it, or develop new privacy-forward proposals to deal with the end of third-party cookies, said Aram Zucker-Scharff, of The Washington Post, in Thursday’s discussion. Some other good work is underway, he said. “Can we find the pieces of it that satisfy these use cases?” he asked. As for FPS, he said: “The idea that we might build something that essentially enables a new kind of information flow, without any user intervention is something that I’m opposed to.”

Zucker-Scharff said it might make sense to break off the IEE proposal from FPS “into its own thing.” He added: “Where this is something that might be useful, some sort of governance entity for advertising technology and privacy.”

Google’s Govind first broached the idea of an IEE in a slide deck she and a colleague prepared for an Aug. 12, 2021 meeting of the W3C Privacy Community Group. (See an earlier story in Privacy Beat, Sept. 10, 2021.) Google is also advancing an idea for allowing login across multiple websites without third-party cookies, called the Federated Credential Management API.

Source: ICCL (PDF)
AdProf’s Ratko Vidakovic summarizes the scale of RTB’s data breach from Irish ICCL report

Canadian ad-tech blogger and consultant Ratko Vidakovic turned over a chunk of his email-only free newsletter to summarizing and providing links to an Irish non-profit’s estimates and claims about data leakage resulting from the advertising industry’s “real-time bidding” (RTB) technologies and networks. The data comes from public sources and private leaks to the Irish Council of Civil Liberties. The full ICCL report is HERE.

Vidakovic reports the data suggests that Google and other top exchanges in the industry track and broadcast personal information — what people view online, their locations etc. — 178 trillion times a year in the U.S. and Europe alone. The ICCL calculates, Vidakovic wrote, that people living in the United States have their online activity and real-world location exposed 57% more than people in Europe. He calls the ICCL’s latest report, written by Johnny Ryan, “inflammatory but not wrong.”

ABOUT PRIVACY BEAT

Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.

Copyright © 2022 Information Trust Exchange Governing Association, All rights reserved.
